Installing and Configuring the myPortalCompany Application Infrastructure
20. Enter the user name and the password and click Next
7.3.3 Configuring the First Application Server on APPHOST1
Upon installation of the first application server, the iasconfig.xml file shown at the end of Section 7.3.1 yields an OracleAS Web Cache configuration with the functionality shown in Figure 7–5.
Note: The value portal1 in the IASInstance element is the instance name specified in step 22.
Figure 7–5 Pre-Configuration Listener Setup on First Application Server
The configuration of the OracleAS Portal application server tier on APPHOST1 consists of the following tasks:
■ Executing the SSL Configuration Tool on APPHOST1
■ Re-Setting the Oracle Enterprise Manager 10g Link
■ Configuring the Portal Tools Providers on APPHOST1
■ Re-registering mod_osso on APPHOST1
■ Verifying Connectivity for Invalidation Messages from the Database to the OracleAS Web Cache on APPHOST1 through the Load Balancing Router
■ Enabling Monitoring of the Load Balancing Router’s OracleAS Portal Host and Port Settings
■ Testing the Configuration on APPHOST1
7.3.3.1 Executing the SSL Configuration Tool on APPHOST1
Follow these steps to use the SSL Configuration Tool to configure SSL on APPHOST1:
1. Set the ORACLE_HOME environment variable to the Oracle home in which OracleAS Portal resides.
2. Verify that the Oracle Internet Directory server is running by issuing this command in ORACLE_HOME/bin:
ldapbind -h oid.mycompany.com
3. Create a file, ORACLE_HOME/configMyPortal.xml, that includes the following:
<sslconfig>
<mid_tier>
<virtual_address ssl="on" host="portal.mycompany.com" port="443"
inv_port="9401" ssl_terminate="lbr"/>
<lbr loopback_port="7777"/>
</mid_tier>
</sslconfig>
4. Issue this command in ORACLE_HOME/bin:
./SSLConfigTools -config_w_file ORACLE_HOME/configMyPortal.xml -opwd orcladmin password -ptl_inv_pwd webcache invalidation password
In the preceding command, orcladmin password is the Oracle administrator password, and webcache invalidation password is the invalidation password for OracleAS Web Cache.
5. Log in to the OracleAS Single Sign-On Administration page as the Administrator, and use the Administer Partner Applications page to delete the entry for the partner application apphost1.mycompany.com.
6. Configure the OmniPortlet and Web Clipping Provider registration URLs to go through the HTTP port of the Load Balancing Router:
a. Access the OracleAS Portal page at
https://portal.mycompany.com/pls/portal and log in as the portal administrator.
b. Click the Navigator link.
c. Click the Providers tab.
d. Click the Registered Providers link.
e. Click the Edit Registration link.
f. Click the Connection tab and change the beginning of the provider registration URL from https://portal.mycompany.com/ to http://portal.mycompany.com:7777/.
g. Perform steps e and f for the Web Clipping Provider.
7.3.3.2 Re-Setting the Oracle Enterprise Manager 10g Link
To prevent access to Oracle Enterprise Manager 10g from the outside, the link provided by OracleAS Portal must be changed back to point to the internal server. To do this, on APPHOST1, issue the following command in ORACLE_HOME/portal/conf:
ptlconfig -dad portal -em
7.3.3.3 Configuring the Portal Tools Providers on APPHOST1
You must configure the OracleAS Portal Tools providers (OmniPortlet and OracleAS Web Clipping) to work in this configuration. Follow these steps on APPHOST1 to configure the Portal Tools Provider:
1. Configure OmniPortlet to use a shared preference store. (By default, the
OmniPortlet provider uses the file-based preference store. However, in a multiple middle tier environment, you must use a shared preference store, such as the database preference store DBPreferenceStore.) To configure OmniPortlet to use DBPreferenceStore, perform the following steps:
a. Navigate to the directory ORACLE_HOME/j2ee/OC4J_Portal/applications/jpdk/jpdk/doc/dbPreferenceStore.
b. Create a user on the database containing the PORTAL schema, and grant create resource and connect privileges, using the create user and grant connect commands in SQL*Plus. Substitute the actual password in the following command. Do not use the default password of welcome, as this poses a security risk.
create user prefstore identified by password;
grant connect, resource to prefstore;
c. Connect as user prefstore and execute the jpdk_preference_store2.sql script by issuing this command:
@jpdk_preference_store2
d. Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file to add the entry in the subsequent example:
ers/omniPortlet/provider.xml file to edit the preferenceStore tag as shown in the subsequent example:
<provider class="oracle.webdb.reformlet.ReformletProvider">
f. Restart the OC4J_Portal instance.
2. Optionally, you can change the settings for the HTTP proxy configuration, or the repository used by OmniPortlet and OracleAS Web Clipping.
You can change the settings on the Portal Tools Edit Provider pages accessible from the Portal Tools providers' test pages. The test pages are located at the following URLs:
■ OmniPortlet provider test page on APPHOST1:
http://apphost1.mycompany.com:7777/portalTools/omniPortlet/providers/omniPortlet
■ Web Clipping provider test page on APPHOST1:
http://apphost1.mycompany.com:7777/portalTools/webClipping/providers/webClipping
Note: Embedding passwords in deployment and configuration files poses a security risk. If you do not want to use a clear text password in the data-sources.xml file, you can create an indirect password by following the steps in Section 7.3.3.4, "Creating an Indirect Password" on page 7-16.
3. Verify that OmniPortlet and the Web Clipping Provider work properly through the HTTP port of the Load Balancing Router, by accessing the test pages at the following URLs:
OmniPortlet Provider:
http://portal.mycompany.com:7777/portalTools/omniPortlet/providers/omniPortlet
Web Clipping Provider:
http://portal.mycompany.com:7777/portalTools/webClipping/providers/webClipping
7.3.3.4 Creating an Indirect Password
As an alternative to using a cleartext password in the data-sources.xml file, you can create an indirect password by following these steps:
1. Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/jazn-data.xml file to add the prefstore user in the jazn.com realm, as shown in bold:
<realm>
<name>jazn.com</name>
<users>
<user>
<name>prefstore</name>
<display-name>OmniPortlet prefstore</display-name>
<description>OmniPortlet prefstore</description>
<credentials>!welcome</credentials>
</user>
<user>
...
Note: If the "No Portlets Available" message appears under the Portlet Information section in the OmniPortlet Provider test page, then the provider may not be configured correctly. Review Step 1 to ensure correct configuration. The Portlet Information section should list the following:
OmniPortlet
Simple Parameter Form
Note: If, while accessing the test pages, you are prompted to examine the site’s certificate, accept the certificate.
Note: Place the actual password in the credentials element, preceded directly by the ! character. In the preceding example, the password is ’welcome’. The next time OC4J reads the
jazn-data.xml file, it will rewrite the file with the password obfuscated.
2. Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file again to use the indirect password by replacing the password attribute as follows:
password="->jazn.com/prefstore"
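The following check is an added example, not part of the original guide or of Oracle's tooling. It reviews copies of data-sources.xml and jazn-data.xml for the password handling described in this section: cleartext password attributes, the default password welcome, credentials still carrying the ! prefix, and indirect passwords that name no jazn user. The sample documents and data source names are constructed, and the element layout beyond what this page shows is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples; layout beyond the elements shown on the page is assumed.
DATA_SOURCES = """<data-sources>
  <data-source name="clearStore" username="prefstore" password="welcome"/>
  <data-source name="indirectStore" username="prefstore"
               password="->jazn.com/prefstore"/>
  <data-source name="danglingStore" username="prefstore"
               password="->jazn.com/nosuchuser"/>
</data-sources>"""
JAZN_DATA = """<jazn-data><realm>
  <name>jazn.com</name>
  <users>
    <user><name>prefstore</name><credentials>!welcome</credentials></user>
  </users>
</realm></jazn-data>"""
DEFAULTS = {"welcome"}  # default password the page warns against


def jazn_users(jazn_xml):
    """Map 'realm/user' to the credentials text found in jazn-data.xml."""
    users = {}
    for realm in ET.fromstring(jazn_xml).iter("realm"):
        rname = realm.findtext("name", "")
        for user in realm.iter("user"):
            key = f"{rname}/{user.findtext('name', '')}"
            users[key] = user.findtext("credentials", "")
    return users


def audit(data_sources_xml, jazn_xml):
    """Return sorted (location, issue) findings about password handling."""
    users, findings = jazn_users(jazn_xml), []
    for el in ET.fromstring(data_sources_xml).findall(".//*[@password]"):
        pwd = el.get("password")
        where = f"data-sources.xml:{el.get('name', el.tag)}"
        if not pwd.startswith("->"):
            findings.append((where, "cleartext password attribute"))
            if pwd in DEFAULTS:
                findings.append((where, "default password"))
        elif pwd[2:] not in users:
            findings.append((where, "indirect password names no jazn user"))
    for key, cred in users.items():
        if cred.startswith("!"):
            findings.append((f"jazn-data.xml:{key}", "password not yet obfuscated"))
            if cred[1:] in DEFAULTS:
                findings.append((f"jazn-data.xml:{key}", "default password"))
    return sorted(findings)
```

A credentials value that still starts with ! after OC4J_Portal has been restarted means the file was not re-read and the password remains readable on disk.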
7.3.3.5 Re-registering mod_osso on APPHOST1
1. Access the following URL:
https://login.mycompany.com/pls/orasso
2. Refresh the Portlet Repository so that the Portal Tools portlets appear in the Portlet Builders folder in the Portlet Repository:
a. Log in as the portal administrator, and click the Builder link.
b. Click the Administrator tab.
c. Click the Portlets sub-tab.
d. Click the Refresh Portlet Repository link in the Portlet Repository portlet.
e. The refresh operation continues in the background.
7.3.3.6 Verifying Connectivity for Invalidation Messages from the Database to the OracleAS Web Cache on APPHOST1 through the Load Balancing Router
When a cached OracleAS Portal object is modified, the OracleAS Portal metadata repository database sends an invalidation message to OracleAS Web Cache to invalidate that object. Since the target configuration has two instances of OracleAS Web Cache, the invalidation message must be load balanced across both OracleAS Web Cache instances. This is an example of component level load balancing.
Before you proceed with this verification, ensure that messages can be sent from the computer hosting the database to the Load Balancing Router. To do this, issue the following command from INFRADBHOST1 and INFRADBHOST2:
telnet portal.mycompany.com 9401
Verify that no connection failure message is returned.
7.3.3.7 Enabling Monitoring of the Load Balancing Router’s OracleAS Portal Host and Port Settings
You must first configure a certificate in Oracle Enterprise Manager 10g on APPHOST1 in order to successfully monitor the OracleAS Portal metrics using the Oracle
Enterprise Manager 10g Application Server Control Console. Perform these steps to configure the Application Server Control Console to recognize the Certificate Authority that was used by the Web Site to support HTTPS:
1. Obtain the Certificate of the Web site's Certificate Authority, as follows:
a. In Microsoft Internet Explorer, connect to the HTTPS URL of the application server you are attempting to monitor.
Note: For more information, see the Oracle Application Server Containers for J2EE Security Guide.
Note: If you execute ptlconfig at any time after completing the steps in Section 7.3.3.3, "Configuring the Portal Tools Providers on APPHOST1", you must repeat the steps in this section.
b. Double-click the lock icon at the bottom of the browser screen, which indicates that you have connected to a secure Web site. The browser displays the Certificate dialog box, which describes the Certificate used for this Web site.
Other browsers offer a similar mechanism to view the Certificate detail of a Web Site.
c. Click the Certificate Path tab, and select the first entry in the list of certificates.
d. Click View Certificate to display a second Certificate dialog box.
e. Click the Details tab in the Certificate window.
f. Click Copy to File to display the Certificate Manager Export wizard.
g. In the Certificate Manager Export wizard, select Base64 encoded X.509 (.CER) as the format you want to export, and save the certificate to a text file with an easily identifiable name, such as ias_certificate.cer.
h. Open the certificate file using a text editor, and confirm that the content of the certificate file looks similar to the content in the subsequent example:
-----BEGIN CERTIFICATE-----
2. Update the list of Certificate Authorities, as follows:
a. Locate the b64InternetCertificate.txt file in the ORACLE_HOME/sysman/config directory. This file contains a list of Base64 Certificates.
b. Edit the b64InternetCertificate.txt file and add the contents of the certificate file you just exported to the end of the file, taking care to include all the Base64 text of the certificate, including the BEGIN and END lines.
c. Use the orapki utility to update the monwallet Oracle wallet by issuing the following command:
ORACLE_HOME/bin/orapki wallet add -wallet ORACLE_HOME/sysman/config/monwallet -trusted_cert -cert certificate location
In the preceding command, certificate location is the full path to the location of the ias_certificate.cer file.
d. When prompted, enter a password for the monwallet wallet file. The default password is welcome.
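The following check is an added example, not part of the original guide. It confirms that the certificate exported in step 1 was appended to b64InternetCertificate.txt intact, with its BEGIN and END lines and valid Base64, by comparing SHA-256 fingerprints. The function names are hypothetical, and the sample certificates are constructed five-byte DER sequences standing in for real ones.

```python
import base64
import binascii
import hashlib

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# Constructed samples: tiny DER SEQUENCEs standing in for real certificates.
EXPORTED = f"{BEGIN}\nMAMCAQE=\n{END}\n"
LIST_OK = f"{BEGIN}\nMAMCAQI=\n{END}\n" + EXPORTED
LIST_TRUNCATED = f"{BEGIN}\nMAMCAQI=\n{END}\n{BEGIN}\nMAMCAQE=\n"


def pem_blocks(text):
    """Return DER bytes for each certificate block; raise ValueError on damage."""
    ders, body = [], None          # body is None while outside a block
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line == BEGIN:
            if body is not None:
                raise ValueError(f"line {n}: BEGIN inside an unterminated block")
            body = []
        elif line == END:
            if body is None:
                raise ValueError(f"line {n}: END without BEGIN")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"line {n}: bad Base64 ({exc})") from None
            if not der.startswith(b"\x30"):      # X.509 is a DER SEQUENCE
                raise ValueError(f"line {n}: not a DER SEQUENCE")
            ders.append(der)
            body = None
        elif body is not None:
            body.append(line)
    if body is not None:
        raise ValueError("file ends inside a block: END line missing")
    return ders


def fingerprints(text):
    """SHA-256 fingerprint of every certificate in a Base64 list file."""
    return [hashlib.sha256(d).hexdigest() for d in pem_blocks(text)]


def is_listed(cert_file_text, list_file_text):
    """True when the single exported certificate appears intact in the list."""
    (wanted,) = fingerprints(cert_file_text)
    return wanted in fingerprints(list_file_text)
```

The same fingerprint can be compared with the one shown in the browser's Certificate dialog box before the certificate is trusted.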
Perform these steps to enable monitoring of the Load Balancing Router's front-end host and port settings for OracleAS Portal:
1. Open the ORACLE_HOME/sysman/emd/targets.xml file.
2. Locate the OracleAS Portal targets, for example, TYPE="oracle_portal".
3. Edit the PortalListeningHostPort property so that it points to the Load Balancing Router. For example:
<Property NAME="PortalListeningHostPort"
VALUE="https://portal.mycompany.com:443"/>
4. Save and close the targets.xml file.
5. Reload the targets.xml file in the Application Server Control Console by issuing this command in ORACLE_HOME/bin:
emctl reload
6. Restart the Application Server Control Console by issuing the following commands in ORACLE_HOME/bin:
emctl stop iasconsole
emctl start iasconsole
7.3.3.8 Testing the Configuration on APPHOST1
1. Perform the following tests:
a. Access OracleAS Web Cache and Oracle HTTP Server through the Load Balancing Router with the following URL:
https://portal.mycompany.com
b. Test the connection to the Oracle Application Server Metadata Repository through the Load Balancing Router, by accessing the following URL:
https://portal.mycompany.com/pls/portal/htp.p?cbuf=test
The response should be test. If this is the result, the Oracle Application Server middle-tier was able to connect to the OracleAS Metadata Repository. If it is not, review APPHOST1_ORACLE_HOME/Apache/Apache/logs/error_log and APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log for information on how to resolve the error.
c. Test OracleAS Portal using the following URL (ensure that you can log in):
https://portal.mycompany.com/pls/portal
d. Verify that content is being cached in OracleAS Web Cache on APPHOST1, using Web Cache Administrator. Under Monitoring, click Popular Requests.
Select Cached from the Filtered Objects drop-down list, and click Update.
If you accessed OracleAS Portal, portal content (for example, URLs that contain /pls/portal) will appear.
If there is no portal content, open another browser and log in to OracleAS Portal. Return to the Popular Requests page, and click Update to refresh the page content.
e. Add a portlet to a page, and then verify that the new content is present. If the new content does not display properly, or if errors occur, then the OracleAS Web Cache invalidation is not configured correctly.